溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
??我們都知道TLS需要依賴非對稱算法(RSK,EC,DS,DH...)完成秘鑰交換,身份認證的功能,但是非對稱算法的耗時和耗計算資源的特性在對資源或者耗時敏感的場景下,你就想把他優化掉。本文我們就簡紹一種TLS標準本身提供的優化方式:PSK.
??PSK的方式應該是最古老的一種秘鑰交換和認證方式,但是它在TLS中的江湖地位是比較低的,從最早的非正式的優化方案到有了自己的RFC編號RFC4279(December 2005)對比TLS的歷史
一下是RFC中的原文摘錄
This document specifies three sets of new ciphersuites for the
Transport Layer Security (TLS) protocol to support authentication
based on pre-shared keys (PSKs).
These pre-shared keys are symmetric
keys, shared in advance among the communicating parties.
一,The first set of ciphersuites uses only symmetric key operations for authentication.
TLS_PSK_WITH_RC4_128_SHA PSK RC4_128 SHA
TLS_PSK_WITH_3DES_EDE_CBC_SHA PSK 3DES_EDE_CBC SHA
TLS_PSK_WITH_AES_128_CBC_SHA PSK AES_128_CBC SHA
TLS_PSK_WITH_AES_256_CBC_SHA PSK AES_256_CBC SHA
二,The second set uses a Diffie-Hellman exchange authenticated with a pre-shared key, and
TLS_DHE_PSK_WITH_RC4_128_SHA DHE_PSK RC4_128 SHA
TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA DHE_PSK 3DES_EDE_CBC SHA
TLS_DHE_PSK_WITH_AES_128_CBC_SHA DHE_PSK AES_128_CBC SHA
TLS_DHE_PSK_WITH_AES_256_CBC_SHA DHE_PSK AES_256_CBC SHA
三,the third set combines public key authentication of the server with pre-shared key authentication of the client.
TLS_RSA_PSK_WITH_RC4_128_SHA RSA_PSK RC4_128 SHA
TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA_PSK 3DES_EDE_CBC SHA
TLS_RSA_PSK_WITH_AES_128_CBC_SHA RSA_PSK AES_128_CBC SHA
TLS_RSA_PSK_WITH_AES_256_CBC_SHA RSA_PSK AES_256_CBC SHA免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
